Cisco ASA 5505 Configuration Manual page 1503

Chapter 67: Clientless SSL VPN
OL-20339-01

Following the configuration of the smart tunnel list, the list name appears next to the Smart Tunnel List attribute in the Clientless SSL VPN group policies and local user policies. Assign a name that will help you to distinguish its contents or purpose from other lists that you are likely to configure.

Modes
The following table shows the modes in which this feature is available:
[Table: Firewall Mode (Routed, Transparent); Security Context (Single, Multiple: Context, System)]

Add or Edit Smart Tunnel Entry
The Add or Edit Smart Tunnel Entry dialog box lets you specify the attributes of an application in a smart tunnel list.
Application ID—Enter a string to name the entry in the smart tunnel list. This user-specified name
is saved and then displayed in the GUI. The string is unique for the operating system. It typically
names the application to be granted smart tunnel access. To support multiple versions of an
application for which you choose to specify different paths or hash values, you can use this attribute
to differentiate entries, specifying the operating system, and name and version of the application
supported by each list entry. The string can be up to 64 characters.
Process Name—Enter the filename or path to the application. The string can be up to 128 characters.
Windows requires an exact match of this value to the right side of the application path on the remote
host to qualify the application for smart tunnel access. If you specify only the filename for Windows,
SSL VPN does not enforce a location restriction on the remote host to qualify the application for
smart tunnel access.
If you specify a path and the user installed the application in another location, that application does
not qualify. The application can reside on any path as long as the right side of the string matches the
value you enter.
To authorize an application for smart tunnel access if it is present on one of several paths on the
remote host, either specify only the name and extension of the application in this field, or create a
unique smart tunnel entry for each path.
Note
A sudden problem with smart tunnel access may be an indication that a Process Name value
is not up-to-date with an application upgrade. For example, the default path to an application
sometimes changes following the acquisition of the company that produces the application
and the next application upgrade.
For Windows, if you want to add smart tunnel access to an application started from the command
prompt, you must specify "cmd.exe" in the Process Name of one entry in the smart tunnel list, and
specify the path to the application itself in another entry, because "cmd.exe" is the parent of the
application.
Mac operating systems require the full path to the process, and the path is case-sensitive. To avoid
specifying a path for each username, insert a tilde (~) before the partial path (e.g., ~/bin/vnc).
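
The Process Name rules above, modeled in Python so that a smart tunnel list can be reviewed before it is assigned to a policy. This is an added example, not Cisco code; the function names, the sample entries and paths, and the case-insensitive, component-aligned comparison on Windows are assumptions.

```python
# Added example, not Cisco code: a model of the Process Name rules above.
# Assumptions: Windows comparison is case-insensitive and aligned to a path
# component; function names and the sample paths are constructed.
MAX_APP_ID, MAX_PROCESS_NAME = 64, 128

def windows_qualifies(process_name, remote_path):
    """Windows: the entry must match the right side of the remote path."""
    want = process_name.replace("/", "\\").lower().lstrip("\\")
    have = remote_path.replace("/", "\\").lower()
    return have == want or have.endswith("\\" + want)

def mac_qualifies(process_name, remote_path, home):
    """Mac: full path, case-sensitive; a leading ~ stands for the home directory."""
    if process_name.startswith("~/"):
        process_name = home.rstrip("/") + process_name[1:]
    return process_name.startswith("/") and process_name == remote_path

def review_entry(app_id, process_name, platform):
    """Return review findings for one smart tunnel entry."""
    findings = []
    if len(app_id) > MAX_APP_ID:
        findings.append("Application ID longer than 64 characters")
    if len(process_name) > MAX_PROCESS_NAME:
        findings.append("Process Name longer than 128 characters")
    has_path = "\\" in process_name or "/" in process_name
    if platform == "windows" and not has_path:
        findings.append("filename only: no location restriction")
    if platform == "mac" and not process_name.startswith(("/", "~/")):
        findings.append("Mac entry is not a full or ~/ path")
    return findings

if __name__ == "__main__":
    entries = [  # constructed sample list
        ("putty-any", "putty.exe", "windows"),
        ("putty-pf", r"\Program Files\PuTTY\putty.exe", "windows"),
        ("vnc-mac", "~/bin/vnc", "mac"),
    ]
    remote = r"C:\Users\alice\Downloads\putty.exe"  # constructed path
    for app_id, name, platform in entries:
        print(app_id, review_entry(app_id, name, platform))
        if platform == "windows":
            print("  qualifies", remote, "->", windows_qualifies(name, remote))
```

A filename-only Windows entry qualifies a copy of the program in any directory on the remote host, including user-writable ones, which is why the review flags it.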
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring Smart Tunnel Access
67-39


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580